The New National Cybersecurity Strategy

/in


The new Cybersecurity Strategy face an onslaught of criticism on one particular front: allegations that this is regulation and red tape by another name, and that the administration does not care about innovation or business interests. These critiques are wrong.   

Imagine you bought a new car. It’s the first of its kind: sleek modern design, a new generation of hybrid, and it comes with all the navigational and communications gadgets you could want.  You plan to use it to drive your kids to school, go to the bank, and deliver packages for your small business. You’re taking it on a road trip in a week, and the family can’t wait.  

Then, a package arrives in the mail. It’s the airbags, accompanied by a perfunctory note: update to your new car now available! The manufacturer was so focused on meeting the public launch date they ran out of time to engineer new airbags. But they are here now, with only one small problem: you have to install the airbags yourself.

In the car industry, that level of security lapse would be unforgivable, and likely criminal. But that’s how too many developers have treated security for software—as an afterthought. The new cybersecurity strategy states it plainly: “Too often, we are layering new functionality and technology onto already intricate and brittle systems at the expense of security and resilience.” In other words, the focus has been on features and functions, not defense and resilience.

When computers were a novelty, or largely owned by computer scientists who enjoyed building and programming them, depending on users for security was an acceptable approach. But now, most Americans—most people around the world, even—carry computers in their pockets that are responsible for running critical aspects of our daily lives. They have become banks, healthcare, businesses, livelihoods, news, and entertainment. Smartphones know more about people’s lives than their closest friends and families.

Ideally, every American would completely understand how those devices work, including how social media apps like TikTok hoover up and export data, why quickly installing updates is important, and why location data can be…

Source…